
Security flaws leave J&J insulin pumps vulnerable to hacking

J&J, based in New Brunswick, New Jersey, sent a letter to patients last week from its Animas subsidiary acknowledging three security vulnerabilities first brought to the company’s attention six months ago.


It’s not quite the “Rise of the Machines” depicted in the “Terminator” movies, but the Internet of Things does have its safety issues.

Case in point: Johnson & Johnson is warning users of its Animas OneTouch Ping insulin pumps that the devices could be vulnerable to hackers.


J&J, based in New Brunswick, New Jersey, sent a letter to patients last week from its Animas subsidiary acknowledging three security vulnerabilities first brought to the company’s attention six months ago. “We want you to know that Animas has investigated this issue and has worked with the appropriate regulatory authorities and security experts, as we are always evaluating ways to further ensure patient safety and security,” the letter said.

Animas recommended either turning off the radio frequency transmitter in the OneTouch Ping device or limiting the amount of insulin that can be delivered at any one time. The company also advised patients to turn on vibrating alerts so users can cancel insulin doses they aren’t supposed to get.

The security risks came to light last week when Jay Radcliffe, a OneTouch Ping insulin pump user who happens to work for cybersecurity technology vendor Rapid7, discussed the flaws on his company’s blog. Reuters first broke the news widely on Tuesday.

Radcliffe told Reuters that he first informed J&J of the vulnerabilities back in April. On the blog, he wrote:

The OneTouch Ping does not communicate on 802.11 WiFi, or otherwise communicate on the internet. However, it is believed these attacks could be performed from one to two kilometers away, if not substantially further, using sufficient elevation and off-the-shelf radio transmission gear available to ham radio hobbyists.

A J&J spokeswoman confirmed the security flaws to MedCity News. A corporate statement issued to the press said that the risk of hacking was “extremely low, would require technical expertise, sophisticated equipment and proximity to the pump.”

J&J said it was continuing to work with unspecified regulatory agencies — probably the Food and Drug Administration and possibly the Federal Communications Commission as well — and with security experts to prevent actual hacks of the insulin pumps.

The security industry has feared hacks of connected medical devices for several years. In July 2015, the FDA warned that Hospira’s Symbiq Infusion System smart pumps could be vulnerable to hackers. The FDA has not issued any statement on the OneTouch Ping to date.

Photo: Brent Lewin/Bloomberg via Getty Images